This is going to be a quick blog, based on a question I had from one of my clients.
They want to deploy Multi Factor Authentication across their estate, but are having issues with users refusing to install a ‘work application’ on their personal phones, or in fact use their personal phones for any work related activity.
The only authentication methods available for Azure MFA are:
- Password (Cannot be disabled)
- Authenticator App
- Voice Call
- OATH Token
- App Passwords (If you are using Conditional Access to enforce MFA (which you should be!) rather than per-user, then this method is not available)
So without the use of a phone, the only methods left are password and OATH tokens.
The use of OATH tokens is still in preview from Microsoft, and there is a cost associated with each token; two reasons not to rely on them at the moment.
After chatting with the client for a short while, it became apparent that they didn’t realise that the Authenticator App wasn’t just a ‘work application.’
Authenticator can be used for personal MFA too. If you’re reading this thinking “Eh? Personal MFA?” then you need to go away and do some research and start protecting your online identity! But someone better than me has probably (definitely!) wrong a better article on that whole subject.
But yes, the Authenticator app can also be used to help protect your personal apps/websites too.
This list isn’t exhaustive but contains quite a lot of the popular ones:
- XBox Live
The Microsoft Authenticator app works with any app that uses two-factor verification and any account that supports the time-based one-time password (TOTP) standards.
So, the point of this blog?
Help your users help themselves! Once they realise that this ‘work app’ can prevent unauthorised logins to their social media, shopping and entertainment sites, then they will be much more open to adding their work applications to it!
Some popular examples of how to add apps to the Authenticator app:
If you have any questions about MFA, Authenticator, Conditional Access, or in fact anything EMS related. Just drop me a message via the Contact Us link at the top of the page, on LinkedIn, this Twitter or this Twitter!